FreeBSD Server Administration


August 29, 2005

Unix FAQ

I asked a question on the newsgroup about how to delete files with special names like "--name", and someone pointed me to a great Unix FAQ page. It's also a must-read for FreeBSD users:
http://www.faqs.org/faqs/unix-faq/faq/part1/


Category : FreeBSD General

Posted by FreeBSD Newbie at 09:50 PM | Comments (1)

August 27, 2005

Exclude a Sub-directory in Tar Command

To back up the directory /home/ to the file /backups/home.tgz, and exclude /home/apachelog/ :

# cd /home
# tar czvf /backups/home.tgz --exclude apachelog/ *


Category : Command & Utility

Posted by FreeBSD Newbie at 01:14 AM | Comments (0)

August 18, 2005

Install Awstats 6.5 Without Ports

Awstats in ports is still marked "forbidden". I like to check out the web logs when I'm bored. I decided to install Awstats 6.5 in the traditional way instead of waiting for the port release. Since I have used Awstats before, the domain configuration files, .htaccess and password files for directory protection are still there; "make deinstall" doesn't delete them. The installation only took several minutes.

# cd /usr/local/www
# wget http://awstats.sourceforge.net/files/awstats-6.5.tar.gz
# tar xvf awstats-6.5.tar.gz
# chmod +rx awstats-6.5
# cd awstats-6.5/tools
# ./awstats_configure.pl
# apachectl graceful

Now, Awstats is ready without directory protection. If you use "online update mode" for Awstats like me, protecting the stats is recommended.

Please note that installing from ports is preferred whenever possible; this is only my temporary solution.


Category : Apache

Posted by FreeBSD Newbie at 12:31 PM | Comments (0)

August 17, 2005

Rootkit Hunter - Another Root Kits Checking Tool

I have tried chkrootkit, and I think it's a very good tool. The book "Mastering FreeBSD and OpenBSD Security", a security bible to me, only mentioned Rootkit Hunter, so I decided to give it a try.

Install
# cd /usr/ports/security/rkhunter/
# make install clean
# rehash

Check for database updates
# rkhunter --update

Perform a complete scan
# rkhunter -c

I got two warnings: one is the hidden directory /usr/.snap, the other one is the toor account. Both are actually normal for a FreeBSD system. The full report is attached below.

Compared to chkrootkit, the checking process takes longer and seems more thorough, and the output looks better with color highlighting.

For the cron job, its FAQ suggests using the parameter "--quiet" to only print the warning messages, but the output is undesirable:

# rkhunter -c --cronjob --quiet
Line:
[ Warning! ]
Line: [ Warning! ]
[ Warning! (some users in root group) ]


To perform a daily scan, the cron job looks like:

MAILTO=root
0 3 * * * /usr/local/bin/rkhunter -c --cronjob

(Execute at 3:00am)
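
One way to keep the nightly mail readable is to pipe the report through a filter that drops warnings already known to be normal on this host (the /usr/.snap directory and the toor account mentioned above). This is an added example, not part of the original post or of rkhunter; the match patterns, the sample report lines and the script path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: reduce an rkhunter cron report to the warnings that are
# not already accepted as benign, so cron only mails when something new
# shows up (cron sends mail only if the job prints output).
#
# Crontab use (hypothetical install path):
#   0 3 * * * /usr/local/bin/rkhunter -c --cronjob 2>&1 | /usr/local/sbin/rkh-filter.sh --stdin

# Extended regex of warnings accepted as normal on this FreeBSD host.
# Assumed patterns: adjust them to the wording of your own report, and
# keep them as narrow as possible so real findings are not hidden.
KNOWN_BENIGN='/usr/[.]snap|toor'

# Constructed sample report lines for testing; not verbatim rkhunter output.
SAMPLE_REPORT='Hidden directory check: /usr/.snap [ Warning! ]
Root-equivalent account check: toor [ Warning! ]
File properties check: /bin/example [ Warning! ]
Password file check [ OK ]'

# filter_warnings: read a report on stdin and print the warning lines that
# do not match the allowlist. Always exits 0, even when nothing is printed.
filter_warnings() {
    BENIGN_RE="$KNOWN_BENIGN" awk '
        BEGIN { re = ENVIRON["BENIGN_RE"] }
        /[Ww]arning/ {
            if (re != "" && $0 ~ re) next   # known-benign finding, skip it
            print
        }'
}

# count_new_warnings: number of non-allowlisted warnings in a report on stdin.
count_new_warnings() {
    filter_warnings | awk 'END { print NR }'
}

# With "--stdin" act as the cron filter; otherwise only define the functions.
if [ "${1:-}" = "--stdin" ]; then
    filter_warnings
fi
```

An empty allowlist passes every warning through, which is the safe default for a new host.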


Sample output

Continue reading "Rootkit Hunter - Another Root Kits Checking Tool"


Category : Security

Posted by FreeBSD Newbie at 11:35 AM | Comments (2)

August 16, 2005

Arbitrary Code Execution Vulnerability in Awstats 6.4

There is a new vulnerability in Awstats 6.4; a detailed explanation is here. The new development version 6.5 has addressed this issue, but it is not available yet in ports. Awstats 6.4 has been marked forbidden in the ports, and "make install" will display the following message, which is different from the portaudit error:

===> awstats-6.4 is forbidden: http://vuxml.FreeBSD.org/e86fbb5f-0d04-11da-bc08-0001020eed82.html.

I deinstalled Awstats and cleaned up the files and related Apache configuration. The Awstats installation is a little messed up on my server: I started using it with version 6.1, which needs a manual copy, and version 6.4 seemed to automate it, which ended with two copies on my server. But now I think I might be mistaken - ports shouldn't be so dumb; it's very possible that I missed something when I installed 6.1. Anyway, the domain configuration files are located in a different folder, /etc/awstats, and are not affected, so it will be very easy to install the soon-to-be-released version: a "make install" and an optional directory protection should be enough.


Category : Security

Posted by FreeBSD Newbie at 12:35 PM | Comments (0)

August 13, 2005

Check Rootkit

chkrootkit (the official website is very slow) is a tool for checking for root kits. It's very easy to install and use.

# cd /usr/ports/security/chkrootkit
# make install clean
# rehash
# chkrootkit

I got a warning on the server where my phpBB forum is running:

Searching for anomalies in shell history files... Warning: `//root/.mysql_history' file size is zero nothing found

I can't find any information about how MySQL updates this file, so I suppose it is normal.

Output on my server:

Continue reading "Check Rootkit"


Category : Security

Posted by FreeBSD Newbie at 04:40 AM | Comments (0)

August 08, 2005

CPU Difference

Different CPUs seem to make a big difference in terms of performance.

My two FreeBSD servers have the same configurations (FreeBSD 5.3/Apache 1.33/PHP 4/MySQL 4) and the same memory (1GB RAM). Server 1 uses an AMD Athlon XP2400; Server 2 uses an Intel Pentium 4 2.8GHz. When executing a PHP script with a few MySQL operations, despite more visitors and a bigger database, server 2 is still significantly faster than server 1.


Category : FreeBSD General

Posted by FreeBSD Newbie at 08:15 PM | Comments (0)

August 07, 2005

phpBB Hack

My phpBB forum was hacked recently. It seemed to be a targeted attack.

What's Changed
1. Three word censors were added.
2. A few users (user IDs are in a row) were granted the admin privileges.

Possible ways to make the above changes:
1. Through phpBB admin control panel.
2. Modify tables directly in mysql command line or with uploaded scripts.

My first guess is phpBB. I installed phpBB beginning with version 2.0.11, and followed the upgrades thereafter. Because the forum is heavily customized and it isn't easy to perform a clean upgrade, I only applied the critical security fixes according to its official release notes; maybe I missed something. Adding word censors requires access to admin_words.php, but I didn't find any stats in the Apache log file. Also, it's a little troublesome to grant the admin rights to a few users with the admin control panel.
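
The Apache log check described above can be made repeatable with a small script that lists every request to a phpBB admin script coming from an address other than the administrator's. This is an added example, not part of the original post; the admin address, the /forum/ path and the sample log lines are constructed assumptions, and the log is assumed to be in Apache combined format.

```shell
#!/bin/sh
# Added example: summarize requests to phpBB admin scripts (such as
# admin_words.php) that did not come from a known administrator address.

# Space-separated addresses the forum admin normally logs in from (assumed).
ADMIN_IPS='192.0.2.10'

# Constructed access-log lines in combined format; not from a real server.
SAMPLE_LOG='192.0.2.10 - - [05/Aug/2005:21:02:11 +0000] "GET /forum/admin/admin_words.php?sid=aaaa HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Aug/2005:03:14:52 +0000] "POST /forum/admin/admin_words.php?sid=bbbb HTTP/1.1" 200 4830 "-" "Mozilla/4.0"
198.51.100.7 - - [06/Aug/2005:03:15:40 +0000] "POST /forum/admin/admin_words.php?sid=bbbb HTTP/1.1" 200 4830 "-" "Mozilla/4.0"
203.0.113.9 - - [06/Aug/2005:04:00:01 +0000] "GET /forum/viewtopic.php?t=42 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"'

# admin_hits: read an access log on stdin and print one line per distinct
# "count ip method script status" for admin-script requests made from
# addresses outside ADMIN_IPS, most frequent first.
admin_hits() {
    ADMIN_IPS="$ADMIN_IPS" awk '
        BEGIN {
            n = split(ENVIRON["ADMIN_IPS"], a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        {
            path = $7
            sub(/\?.*/, "", path)                 # drop the query string
            if (path !~ /\/admin\/admin_[a-z_]+\.php$/) next
            if ($1 in ok) next                    # expected administrator
            method = $6
            sub(/^"/, "", method)                 # strip the opening quote
            seen[$1 " " method " " path " " $9]++
        }
        END { for (k in seen) print seen[k], k }' | sort -k1,1nr -k2
}

# With a log file argument, scan it; otherwise only define the functions.
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    admin_hits < "$1"
fi
```

Run it over rotated logs as well as the current one, since the change may predate the last rotation.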

Continue reading "phpBB Hack"


Category : Security

Posted by FreeBSD Newbie at 10:15 PM | Comments (0)